Date: Thu, 4 May 2000 21:04:19 +0200 From: Neil Blakey-Milner <nbm@mithrandr.moria.org> To: Nick Hibma <n_hibma@calcaphon.com> Cc: freebsd-bugs@freebsd.org Subject: Re: bin/18373: pkg_delete shouldn't insist on root Message-ID: <20000504210419.A23799@mithrandr.moria.org> In-Reply-To: <Pine.BSF.4.20.0005041854530.7651-100000@localhost>; from n_hibma@calcaphon.com on Thu, May 04, 2000 at 06:56:45PM %2B0100 References: <20000504170054.A21029@mithrandr.moria.org> <Pine.BSF.4.20.0005041854530.7651-100000@localhost>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu 2000-05-04 (18:56), Nick Hibma wrote: > You can't update /var/db/pkgs in that case. I think. In any case, part > of the update needs to be done as root, so pkg_delete has to switch user > every so often to do the right thing. No, it doesn't. You should read the pkg_delete man page, and look at the PKG_DBDIR environment variable, and the fact pkg_delete isn't setuid. It isn't a security concern. It doesn't let users do anything more than they usually can. It just lets them use a tool to ease automation of what they'd have to do themselves. Neil -- Neil Blakey-Milner Hacker In Chief, Sunesi Clinical Systems nbm@mithrandr.moria.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000504210419.A23799>